>> It would be good it ASSP's behaviour on detecting such a 'virus' was >> able to be based on the database's risk factor. This risk factor is >> listed on: >> >> Sanesecurity's ClamAV - Phishing and Scam/Spam Signatures
> Cue grayhat > :) LOL ... well... I've asked on the SaneSecurity ML and what I suggest at the moment is... starting from these pages http://www.sanesecurity.com/databases.htm http://www.oitc.com/winnow/clamsigs/index.html http://www.sanesecurity.com/wiki.htm and use the infos to create some regular expressions which could then be used for the "SuspiciousVirus" ASSP entry so that AV hits matching such regexps won't block outright but will be used to score the message so avoiding F/Ps yet helping to cut off "junk" :) as a note it would be a good idea to place such regular expressions into a file (e.g. assp/files/clamscore.txt) and put the file pathname into the ASSP "SuspiciousVirus" entry (file:files/clamscore.txt) HTH ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
